NPM 包 posthog-js 1.297.3 包含恶意软件。
我知道我们中的许多人使用非常优秀的 PostHog 服务,但似乎他们最新版本的 `posthog-js` NPM 包中包含恶意软件。<p>我已向他们的安全频道报告,也已向 NPM 报告,但我也想在这里引起大家的注意。
查看原文
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware.<p>Reported to their security channel, also reported to NPM, but also wanted to raise awareness here.